mirror of https://github.com/systemd/systemd.git synced 2024-12-23 21:35:11 +03:00
Commit Graph

67815 Commits

Author SHA1 Message Date
Luca Boccassi
12de4ed1ca boot: measure loader.conf in PCR5
Results in:

- EventNum: 26
  PCRIndex: 5
  EventType: EV_EVENT_TAG
  DigestCount: 4
  Digests:
  - AlgorithmId: sha1
    Digest: 155fb999ca61ba8c7b1f1d87cee821f772ef084a
  - AlgorithmId: sha256
    Digest: 4c26adf231603613afc00bb3d5cad046aec6a525ca01262417c7085caab452b5
  - AlgorithmId: sha384
    Digest: 3e0758cb6605ac274e55d747bf29ee3474fc4413cd5e7a451d1375219cd7f08a30fc915a8df7131657ca78b82b9ccec8
  - AlgorithmId: sha512
    Digest: e32d905b9092c543802f386db9a397d9b6593bdb8360fb747a6d23e491a09595fec8699184cc790d0873a3d52ed16d045538f0c73ece48278fae0fb6ed9b4ed6
  EventSize: 32
  Event: 2a58bcf5180000006c006f0061006400650072002e0063006f006e0066000000
2023-10-09 22:22:09 +01:00
Luca Boccassi
3e6f010e03 stub: measure all cmdline addons together 2023-10-09 22:22:09 +01:00
Luca Boccassi
68f85761e2 stub: add support for dtb addons
Same as kernel command line addons.
2023-10-09 22:22:09 +01:00
Luca Boccassi
3b66a6764e Move CLEANUP_ARRAY to src/fundamental 2023-10-09 22:22:09 +01:00
Luca Boccassi
3e5a499009 efi: add xmemdup 2023-10-09 22:22:09 +01:00
Luca Boccassi
d869ec4ab0 efi: add EFI_TCG2_TAGGED_EVENT and helpers 2023-10-09 22:22:09 +01:00
Luca Boccassi
70def6fed3 mkosi: use different configs for Debian kernel package list
The kernel package is named after the architecture, so builds will
fail if mkosi --architecture arm64 is used
2023-10-09 22:19:00 +01:00
Frantisek Sumsal
c4eb888740 test: make the DDI tests work with older openssl
Older openssl unfortunately insists on having a config file with certain
fields, so let's reuse the one we already create in previous tests.

Should address following error on C8S:

[  407.812039] testsuite-50.sh[654]: + openssl req -config /dev/null -subj=/CN=waldo -x509 -sha256 -nodes -days 365 -newkey rsa:4096 -keyout /tmp/test-50-privkey.key -out /tmp/test-50-cert.crt
[  407.849089] testsuite-50.sh[2325]: Generating a RSA private key
[  408.947853] testsuite-50.sh[2325]: ..................................++++
[  423.100903] testsuite-50.sh[2325]: ..........++++
[  423.111036] testsuite-50.sh[2325]: writing new private key to '/tmp/test-50-privkey.key'
[  423.115036] testsuite-50.sh[2325]: -----
[  423.117842] testsuite-50.sh[2325]: unable to find 'distinguished_name' in config
[  423.120863] testsuite-50.sh[2325]: problems making Certificate Request
[  423.123448] testsuite-50.sh[2325]: 140737354091984:error:0E06D06C:configuration file routines:NCONF_get_string:no value:crypto/conf/conf_lib.c:273:group=req name=distinguished_name

Follow-up to 99d9edf0bd.
2023-10-09 18:54:23 +01:00
Luca Boccassi
ace07128ac dissect: avoid clobbering device-mapper error when activating verity
The device-mapper driver can return a wild variety of errors when trying
to activate the same dm-verity volume concurrently, as it might happen
with an image. There is a fallback logic in place, but the original
return code was clobbered when userspace signature check was added.
Add it back.

Follow-up for c2fa92e7e8
2023-10-09 18:41:16 +01:00
Abderrahim Kitouni
3c1f396f69 man: support multiple versions of the documentation on the website
This changes the doc-sync meson target from a simple rsync command to a
script that:

* puts the documentation in a subdirectory according to the version
* injects a bit of javascript to add a drop-down to switch between versions
* updates an index.json file with the newly uploaded version
* keeps the latest/ directory up to date with the latest version
* supports a --no-latest switch to be used when uploading older versions
2023-10-09 11:16:20 +01:00
Luca Boccassi
00dd4e78f6
Merge pull request #29495 from yuwata/network-manager-state-file
network: fixlets for manager state file
2023-10-08 22:46:44 +01:00
Luca Boccassi
6bcc7bcf20
Merge pull request #29490 from yuwata/network-tc-fixes
network: several fixes for traffic control support
2023-10-08 22:31:26 +01:00
Martin Beneš
fc48807d29 add udev rule for micmute (f20) 2023-10-08 15:41:13 +01:00
Yu Watanabe
2d7ca6b45d test-network: add test for DHCPv6 information requesting mode
For issue #28566.
2023-10-08 16:31:59 +09:00
Yu Watanabe
9709f9edc5 network/dhcp6: keep lease when running in information request mode
Fixes #28566.
2023-10-08 16:22:29 +09:00
Yu Watanabe
814d8f962f network/dhcp6: shorten dhcp6_handler()
Note, currently dhcp6_lease_information_acquired() does nothing, so this
does not change any behavior.
2023-10-08 16:18:49 +09:00
Yu Watanabe
34290c6aa9 test-network: test for NTP servers by DHCPv6 protocol
For issue #29148.
2023-10-08 15:45:35 +09:00
Yu Watanabe
86a66e9b95 network: also save NTP servers and friends obtained by other protocols
Previously, only servers that are statically configured or obtained by
the DHCPv4 protocol were saved in the manager state file.

NTP servers obtained by DHCPv6 could not be used by timesyncd.

Fixes #29148.
2023-10-08 13:06:28 +09:00
Piotr Drąg
c51ecf3117 po: add a false positive to POTFILES.skip
Scripts used to detect files that should be in POTFILES.in, like
intltool-update -m used on https://l10n.gnome.org/module/systemd/,
falsely detect this file as containing translations. Avoid this
behavior by putting the file in POTFILES.skip.
2023-10-07 16:21:37 +01:00
Lennart Poettering
a81577961c core: refactor compare_job_priority()
Let's move it out of cgroup.[ch]. The function primarily compares the
priority values for units, hence let's move the core of it into a new
function unit_compare_priority() in unit.[ch], and then make
compare_job_priority() a local wrapper for it in manager.[ch]

Shorten the code a bit while we are at it.
2023-10-07 22:22:00 +09:00
Yu Watanabe
328539c21c
Merge pull request #29482 from poettering/cgroup-func-rename
core: various clean-ups in cgroup.[ch] and around
2023-10-07 22:18:14 +09:00
Yu Watanabe
8fc7e073e3 test-network: extend testcase for tbf
For issue #29485.
2023-10-07 21:35:16 +09:00
Yu Watanabe
9e4d87166f network/tc: support Parent=X:0 for qdiscs
When the minor part of the parent handle is zero, let's check if the
corresponding qdisc exists, rather than tc class.
2023-10-07 21:35:16 +09:00
Yu Watanabe
19607e4371 network/tc: allow to configure class or qdisc under foreign one
Some qdiscs (e.g. tbf) implicitly create class(es) on create.
Previously, we could not create any child qdisc under the class, as the
implicit class is tagged as foreign.
2023-10-07 21:35:16 +09:00
Yu Watanabe
c9e70be162 network/tc: re-enumerate traffic control classes when a qdisc created
Some kind of qdisc implicitly creates a class for the qdisc, but the
created class is not notified by the kernel. So, we need to explicitly
enumerate classes after a qdisc is created.
2023-10-07 21:35:16 +09:00
Yu Watanabe
4147618612 network/tc: fix enumeration logic of traffic control classes
TC class can be enumerated only per link.
2023-10-07 21:35:16 +09:00
Yu Watanabe
be8e933900 network/tc: drop child tree of traffic control nodes on remove
When a node of the traffic control tree is removed, all child nodes are also
removed but their removals are not notified by the kernel.
So, previously, removed TC classes or qdiscs under the removed node were
kept in the memory of networkd, and may cause failure on reconfigure.
2023-10-07 21:35:16 +09:00
Yu Watanabe
0708c4fbdb network/tc: align vtables 2023-10-07 21:35:16 +09:00
Daan De Meyer
d210507621
Merge pull request #29491 from yuwata/varlink-follow-ups
varlink: several follow-ups
2023-10-07 11:15:02 +02:00
Yu Watanabe
955fc5d8ab tree-wide: add missing sigbus handling 2023-10-07 11:13:27 +02:00
Yu Watanabe
cf3d95b25d tree-wide: use path_simplify_alloc() more 2023-10-07 16:00:03 +09:00
Yu Watanabe
86f6d32eba varlink: drop unnecessary condition
When 'exec' is true, 'c' is always non-NULL.

Fixes CID#1522384.
2023-10-07 15:51:05 +09:00
Yu Watanabe
939630ae28 varlink: fix typo
Follow-ups for #29325.
2023-10-07 15:48:22 +09:00
Luca Boccassi
a5e6d2fdf5
Merge pull request #29475 from keszybz/remove-wrapper-functions
Remove unnecessary wrapper functions
2023-10-06 22:02:09 +01:00
Zbigniew Jędrzejewski-Szmek
faa6964fe1
Merge pull request #29440 from evelikov/more-auto-entries
sd-boot: add auto-reboot and auto-poweroff entries
2023-10-06 18:54:03 +02:00
Lennart Poettering
49b6babb76 cgroup: rename cgroup_modify_nft_set() → unit_modify_nft_set()
This is the only function that cgroup.h exports that is prefixed with
cgroup_ where this does not refer to some type such as CGroupContext or
CGroupTasksMax or so. It simply operates on a unit. And it doesn't even
modify a cgroup, but just modifies an nft set.

Hence, to make the naming scheme systematic, change prefix from cgroup_
to unit_, matching the majority of the functions that operate on Unit*
in the file.
2023-10-06 18:42:22 +02:00
Lennart Poettering
64c71f4fd7 cgroup: un-export two functions 2023-10-06 18:36:03 +02:00
Lennart Poettering
d46510de2f cgroup: refactor cgroup_xattr_apply()
Split the function up, so that each set of xattrs is applied separately.
2023-10-06 18:24:50 +02:00
Lennart Poettering
17d047f507 cgroup: drop cgroup path parameter from xattr calls
We only pass the same thing there: u->cgroup_path or NULL (which is
ultimately the same as u->cgroup_path). Hence let's simplify things, and
simply drop the whole parameter, and imply u->cgroup_path.
2023-10-06 18:20:08 +02:00
Lennart Poettering
c6f2dca68c cgroup: rename cgroup_add_* to cgroup_context_*
They add settings to a CGroupContext, hence give them the expected
context, to make clear they do not operate on anything else than the
structure (i.e. not on a kernel cgroup or so).
2023-10-06 18:15:56 +02:00
Lennart Poettering
94f0b13b16 cgroup: rename TasksMax structure to CGroupTasksMax
Almost all our enums/structs/funcs carry the CGroup prefix if they are
defined in cgroup.h, TasksMax so far does not, even though it is
exclusively used in cgroup context.

Change that.
2023-10-06 18:13:16 +02:00
Emil Velikov
cb341090d0 sd-boot: add auto-reboot and auto-poweroff entries
Currently only an auto-reboot-to-firmware entry is available. For other
features - like reboot and power off - one needs to press the uppercase
B and O respectively.

Embedded devices may be missing a full fledged keyboard, so allow for
sd-boot to generate those entries.

v2:
 - add to the config parser/man/bootctl/sd-boot info screen
 - keep them off by default
 - add the (O)ff and re(B)oot help text if boot entries are not shown
 - drop irrelevant get_os_indications_supported() comment
 - s/ShutDown/Shutdown/

v3:
 - cast shutdown_system() reboot_system() to void

v4:
 - shutdown -> poweroff
 - add trailing ",ignoring" in parser message
 - drop explicit default state assignment to "false"

Signed-off-by: Emil Velikov <emil.velikov@collabora.com>
2023-10-06 16:21:23 +01:00
Emil Velikov
28052aa8cd sd-boot: sprinkle some ", ignoring" trailing messages
As mentioned by Lennart:

  ... we typically suffix such messages with ", ignoring", to indicate
  that we don't consider this fatal for anything.

Update config_defaults_load_from_file() to follow that pattern.

Signed-off-by: Emil Velikov <emil.velikov@collabora.com>
2023-10-06 16:21:04 +01:00
Emil Velikov
a9bc49b4a8 sd-boot: remove unneeded false assignment
When the assignment is missing, the default 0/NULL/false value is used.
So drop the explicit piece in config_load_defaults()

Signed-off-by: Emil Velikov <emil.velikov@collabora.com>
2023-10-06 16:21:01 +01:00
Emil Velikov
498d0cc426 sd-boot: cast away reboot_into_firmware() return type
As mentioned by Lennart, in a commit where I was adding a similar piece of
code:

  maybe cast this call to void, to tell static analyzers that we are
  ignoring the return value on purpose, not by accident

Signed-off-by: Emil Velikov <emil.velikov@collabora.com>
2023-10-06 16:20:59 +01:00
Zbigniew Jędrzejewski-Szmek
3c4c109de1 basic/macro: add comment explaining DEFINE_TRIVIAL_DESTRUCTOR() 2023-10-06 16:48:22 +02:00
Zbigniew Jędrzejewski-Szmek
f6210525cc fuzz-bus-match: drop unnecessary wrapper function
Same confusion as in previous commit.
2023-10-06 16:48:16 +02:00
Zbigniew Jędrzejewski-Szmek
f95c9f46e2 nspawn: drop unnecessary wrapper functions
The naming was confused: suffix 'p' means that the function takes a pointer to
the type that the wrapped function takes. (E.g., a char**, for a wrapped function
taking a char*.)  But DEFINE_TRIVIAL_DESTRUCTOR() just changes the return type.

Also add one more assert for consistency.
2023-10-06 16:45:49 +02:00
Luca Boccassi
15461b7f19 core: improve debug logs when failing to create symlinks in namespaces
I am seeing some failures and I don't know what is failing and why even
with debug logs, so add more details
2023-10-06 14:30:30 +01:00
Yu Watanabe
34ba0f5150
Merge pull request #29325 from poettering/varlink-introspect
varlink: add introspection support + varlinkctl + varlinkify one first command line tool (systemd-pcrextend)
2023-10-06 21:58:17 +09:00